Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller
Prosím o kontrolu - zavírený PC Vyřešeno
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu - zavírený PC Vyřešeno
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu - zavírený PC
Toto by malo byť ono. Prepáčte, nejako som na to zabudol:
RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : PC [Práva Správcu]
Režim : Odebrať -- Dátum : 12/20/2013 10:00:16
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy : 0 ¤¤¤
¤¤¤ Záznamy Registrov : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRADENÉ (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> NAHRADENÉ (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRADENÉ (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> NAHRADENÉ (1)
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spustenie položky : 0 ¤¤¤
¤¤¤ webové prehliadače : 0 ¤¤¤
¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤
¤¤¤ Ovládač : [NENAHRATÉ 0x0] ¤¤¤
¤¤¤ Vonkajšie Hives: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Súbor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKX-083CA1 +++++
--- User ---
[MBR] 9c8536b690d63a27acaf5d62b508bee9
[BSP] bf554009e5a41c68658bc45fc24d780e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) OCZ-VERTEX3 +++++
--- User ---
[MBR] a3ed84bb13a480d6c3cfa763949b7258
[BSP] 369efba5729038d9fa4835b7cc8e210b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončené : << RKreport[0]_D_12202013_100016.txt >>
RKreport[0]_S_12202013_100011.txt
RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : PC [Práva Správcu]
Režim : Odebrať -- Dátum : 12/20/2013 10:00:16
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy : 0 ¤¤¤
¤¤¤ Záznamy Registrov : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRADENÉ (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> NAHRADENÉ (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRADENÉ (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> NAHRADENÉ (1)
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spustenie položky : 0 ¤¤¤
¤¤¤ webové prehliadače : 0 ¤¤¤
¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤
¤¤¤ Ovládač : [NENAHRATÉ 0x0] ¤¤¤
¤¤¤ Vonkajšie Hives: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Súbor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKX-083CA1 +++++
--- User ---
[MBR] 9c8536b690d63a27acaf5d62b508bee9
[BSP] bf554009e5a41c68658bc45fc24d780e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) OCZ-VERTEX3 +++++
--- User ---
[MBR] a3ed84bb13a480d6c3cfa763949b7258
[BSP] 369efba5729038d9fa4835b7cc8e210b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončené : << RKreport[0]_D_12202013_100016.txt >>
RKreport[0]_S_12202013_100011.txt
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu - zavírený PC
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu - zavírený PC
ComboFix 13-12-18.01 - PC . 12. 2013 10:15:50.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.16361.13940 [GMT 1:00]
Running from: c:\users\PC\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2013-11-20 to 2013-12-20 )))))))))))))))))))))))))))))))
.
.
2013-12-20 09:18 . 2013-12-20 09:18 -------- d-----w- c:\users\PC\AppData\Local\temp
2013-12-20 09:18 . 2013-12-20 09:18 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-12-20 09:18 . 2013-12-20 09:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-19 05:55 . 2013-12-19 05:55 -------- d-----w- c:\windows\ERUNT
2013-12-18 10:52 . 2013-12-18 10:52 -------- d-----w- c:\users\PC\AppData\Local\Adobe
2013-12-18 10:40 . 2013-12-18 10:40 -------- d-----w- c:\users\PC\AppData\Roaming\Malwarebytes
2013-12-18 10:40 . 2013-12-18 10:40 -------- d-----w- c:\programdata\Malwarebytes
2013-12-18 10:40 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-18 10:40 . 2013-12-18 10:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-18 10:40 . 2013-12-18 10:40 -------- d-----w- c:\users\PC\AppData\Local\Programs
2013-12-18 10:15 . 2013-12-19 09:01 -------- d-----w- C:\AdwCleaner
2013-12-18 07:53 . 2013-12-18 07:53 388096 ----a-r- c:\users\PC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-12-18 07:53 . 2013-12-18 07:53 -------- d-----w- c:\program files (x86)\Trend Micro
2013-12-17 01:36 . 2013-12-17 01:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-12-17 01:36 . 2013-12-17 01:36 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-17 01:03 . 2013-12-17 01:03 -------- d-----w- c:\users\Konštrukcia
2013-12-17 00:21 . 2013-12-17 00:21 -------- d-----w- c:\programdata\AskPartnerNetwork
2013-12-17 00:21 . 2013-12-17 00:21 -------- d-----w- c:\program files (x86)\AskPartnerNetwork
2013-12-17 00:20 . 2013-12-17 00:20 -------- d-----w- c:\users\PC\AppData\Roaming\Avira
2013-12-17 00:20 . 2013-12-09 10:37 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-12-17 00:20 . 2013-12-09 10:37 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-12-17 00:20 . 2013-12-09 10:37 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-12-17 00:20 . 2013-12-09 10:37 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-17 00:20 . 2013-12-17 00:20 -------- d-----w- c:\programdata\Avira
2013-12-17 00:20 . 2013-12-17 00:20 -------- d-----w- c:\program files (x86)\Avira
2013-12-17 00:08 . 2013-12-20 07:40 -------- d-----w- C:\Subory z C-Disku
2013-12-13 22:00 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{339318BE-9F7A-42A3-9E05-25D362D528ED}\mpengine.dll
2013-12-12 11:11 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-11 07:41 . 2013-08-02 08:25 596256 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpcpp155.dll
2013-12-11 07:41 . 2013-08-02 08:28 593184 ----a-w- c:\windows\SysWow64\hpcdmc32.dll
2013-12-11 07:41 . 2013-08-02 08:28 237344 ----a-w- c:\windows\system32\hpmlm135.dll
2013-12-11 07:41 . 2013-08-02 08:27 162080 ----a-w- c:\windows\system32\hpmtp155.dll
2013-12-11 07:41 . 2013-08-02 08:27 74016 ----a-w- c:\windows\system32\hpmpw081.dll
2013-12-11 07:41 . 2013-08-02 08:27 190240 ----a-w- c:\windows\system32\hpmpm081.dll
2013-12-11 07:41 . 2013-08-02 08:27 217376 ----a-w- c:\windows\system32\hpmml155.dll
2013-12-11 07:41 . 2013-08-02 08:27 199968 ----a-w- c:\windows\system32\hpmja155.dll
2013-12-11 07:41 . 2013-08-02 08:25 442656 ----a-w- c:\windows\system32\hpcpn155.dll
2013-12-11 07:41 . 2013-08-02 08:25 140064 ----a-w- c:\windows\system32\hpcjpm.dll
2013-12-11 07:41 . 2013-08-02 08:21 441632 ----a-w- c:\windows\SysWow64\hpcc3155.dll
2013-12-11 06:14 . 2013-12-11 06:14 -------- d-----w- c:\program files (x86)\IrfanView
2013-12-11 05:36 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-12-10 13:37 . 2013-12-10 13:37 -------- d-----w- c:\program files\Common Files\Adobe
2013-12-10 07:57 . 2013-11-29 16:44 252688 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-12-10 07:57 . 2013-11-29 16:43 126736 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-12-10 07:57 . 2013-12-10 07:57 -------- d-----w- c:\program files\Oracle
2013-12-10 07:38 . 2013-12-10 08:06 -------- d-----w- c:\users\PC\VirtualBox VMs
2013-12-10 07:38 . 2013-12-13 13:55 -------- d-----w- c:\users\PC\.VirtualBox
2013-12-10 07:38 . 2013-12-10 07:57 -------- dc----w- c:\windows\system32\DRVSTORE
2013-12-06 10:36 . 2013-12-06 10:36 -------- d-----w- c:\users\PC\AppData\Local\Macromedia
2013-12-05 05:53 . 2013-12-17 01:36 -------- d-----w- c:\programdata\Oracle
2013-12-05 05:53 . 2013-12-05 05:53 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-12-05 05:47 . 2013-12-20 08:56 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-12-04 13:31 . 2013-12-04 13:31 -------- d-----w- c:\program files (x86)\PTC
2013-12-04 13:31 . 2013-12-04 13:31 -------- d-----w- c:\program files\Common Files\PTC
2013-12-04 13:31 . 2013-12-04 13:31 -------- d-----w- c:\program files (x86)\Common Files\PTC
2013-12-04 13:31 . 2013-12-04 13:31 -------- d-----w- c:\users\PC\AppData\Roaming\PTC
2013-12-04 13:31 . 2013-12-04 13:31 -------- d-----w- c:\users\PC\AppData\Local\PTC
2013-12-04 13:09 . 2013-12-04 13:09 -------- d-----w- c:\programdata\PTC
2013-12-04 12:57 . 2013-12-05 08:19 -------- d-----w- c:\program files\PTC
2013-12-04 06:47 . 2013-12-04 06:47 -------- d-----w- c:\users\PC\AppData\Roaming\ABBYY
2013-12-04 06:46 . 2013-12-05 07:32 -------- d-----w- c:\programdata\ABBYY
2013-12-04 05:46 . 2013-12-11 20:03 -------- d-----w- c:\program files\CCleaner
2013-12-03 10:02 . 2013-12-03 10:02 -------- d-----w- c:\program files (x86)\av
2013-12-03 10:02 . 2013-12-03 10:02 -------- d--h--w- c:\program files (x86)\Zero G Registry
2013-12-03 10:02 . 2013-12-03 10:02 -------- d--h--w- c:\users\PC\InstallAnywhere
2013-12-03 06:13 . 2013-12-05 06:50 -------- d-----w- c:\users\PC\AppData\Roaming\Download Manager
2013-11-29 16:43 . 2013-11-29 16:43 154896 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2013-11-29 16:43 . 2013-11-29 16:43 140560 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2013-11-29 16:40 . 2013-11-29 16:40 204048 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-17 07:16 . 2013-01-21 13:33 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-12-17 07:16 . 2013-01-21 13:33 35656 ----a-w- c:\windows\system32\LMIport.dll
2013-12-17 07:16 . 2013-01-21 13:33 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-12-17 05:39 . 2012-03-30 09:14 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-17 05:39 . 2012-01-04 14:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-14 02:00 . 2012-01-04 14:14 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-05 05:53 . 2012-04-20 07:48 312744 ----a-w- c:\windows\system32\javaws.exe
2013-12-05 05:53 . 2012-04-20 07:48 189352 ----a-w- c:\windows\system32\javaw.exe
2013-12-05 05:53 . 2012-04-20 07:48 189352 ----a-w- c:\windows\system32\java.exe
2013-11-11 04:50 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-28 15:17 . 2013-01-21 13:33 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-10-21 15:17 . 2013-01-21 13:33 92488 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2013-10-12 02:30 . 2013-11-13 21:52 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 21:52 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 21:52 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 21:52 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 21:52 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 21:52 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 21:52 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 21:52 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 21:52 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 21:52 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 21:52 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 21:52 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 21:52 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 21:52 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 21:52 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-13 21:52 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-25 02:26 . 2013-11-13 21:52 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-13 21:52 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-13 21:52 28672 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-13 21:52 135680 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-13 21:52 28160 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-13 21:52 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-13 21:52 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-13 21:52 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-13 21:52 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-13 21:52 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-13 21:52 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-13 21:52 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-13 21:52 30720 ----a-w- c:\windows\system32\lsass.exe
2013-09-23 15:56 . 2013-09-23 15:56 19856896 ----a-w- c:\windows\system32\thumbplug.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-09 684600]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP5000 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAC4LAD.EXE [2012-1-24 60384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$AUTODESKVAULT;SQL Server Agent (AUTODESKVAULT);c:\program files (x86)\Microsoft SQL Server\MSSQL10.AUTODESKVAULT\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.AUTODESKVAULT\MSSQL\Binn\SQLAGENT.EXE [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [x]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe;c:\windows\SYSNATIVE\hasplms.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 NVWMI;NVIDIA WMI Provider;c:\windows\system32\nvwmi64.exe;c:\windows\SYSNATIVE\nvwmi64.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1615959610-508533854-3776503364-1000Core.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-23 07:27]
.
2013-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1615959610-508533854-3776503364-1000UA.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-23 07:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-10-23 18:43 13776 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" [2013-10-23 13776]
.
[HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-10-10 2041192]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-11-29 57928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.sk/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\my3x8yaw.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
Toolbar-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
c:\users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk - c:\program files (x86)\Mozilla Thunderbird\thunderbird.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-20 10:19:32
ComboFix-quarantined-files.txt 2013-12-20 09:19
.
Pre-Run: 35 231 399 936 bytes free
Post-Run: 35 095 658 496 bytes free
.
- - End Of File - - FDFE6FE35C7E86E26E80DA203876733C
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.16361.13940 [GMT 1:00]
Running from: c:\users\PC\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2013-11-20 to 2013-12-20 )))))))))))))))))))))))))))))))
.
.
2013-12-20 09:18 . 2013-12-20 09:18 -------- d-----w- c:\users\PC\AppData\Local\temp
2013-12-20 09:18 . 2013-12-20 09:18 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-12-20 09:18 . 2013-12-20 09:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-19 05:55 . 2013-12-19 05:55 -------- d-----w- c:\windows\ERUNT
2013-12-18 10:52 . 2013-12-18 10:52 -------- d-----w- c:\users\PC\AppData\Local\Adobe
2013-12-18 10:40 . 2013-12-18 10:40 -------- d-----w- c:\users\PC\AppData\Roaming\Malwarebytes
2013-12-18 10:40 . 2013-12-18 10:40 -------- d-----w- c:\programdata\Malwarebytes
2013-12-18 10:40 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-18 10:40 . 2013-12-18 10:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-18 10:40 . 2013-12-18 10:40 -------- d-----w- c:\users\PC\AppData\Local\Programs
2013-12-18 10:15 . 2013-12-19 09:01 -------- d-----w- C:\AdwCleaner
2013-12-18 07:53 . 2013-12-18 07:53 388096 ----a-r- c:\users\PC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-12-18 07:53 . 2013-12-18 07:53 -------- d-----w- c:\program files (x86)\Trend Micro
2013-12-17 01:36 . 2013-12-17 01:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-12-17 01:36 . 2013-12-17 01:36 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-17 01:03 . 2013-12-17 01:03 -------- d-----w- c:\users\Konštrukcia
2013-12-17 00:21 . 2013-12-17 00:21 -------- d-----w- c:\programdata\AskPartnerNetwork
2013-12-17 00:21 . 2013-12-17 00:21 -------- d-----w- c:\program files (x86)\AskPartnerNetwork
2013-12-17 00:20 . 2013-12-17 00:20 -------- d-----w- c:\users\PC\AppData\Roaming\Avira
2013-12-17 00:20 . 2013-12-09 10:37 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-12-17 00:20 . 2013-12-09 10:37 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-12-17 00:20 . 2013-12-09 10:37 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-12-17 00:20 . 2013-12-09 10:37 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-17 00:20 . 2013-12-17 00:20 -------- d-----w- c:\programdata\Avira
2013-12-17 00:20 . 2013-12-17 00:20 -------- d-----w- c:\program files (x86)\Avira
2013-12-17 00:08 . 2013-12-20 07:40 -------- d-----w- C:\Subory z C-Disku
2013-12-13 22:00 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{339318BE-9F7A-42A3-9E05-25D362D528ED}\mpengine.dll
2013-12-12 11:11 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-11 07:41 . 2013-08-02 08:25 596256 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpcpp155.dll
2013-12-11 07:41 . 2013-08-02 08:28 593184 ----a-w- c:\windows\SysWow64\hpcdmc32.dll
2013-12-11 07:41 . 2013-08-02 08:28 237344 ----a-w- c:\windows\system32\hpmlm135.dll
2013-12-11 07:41 . 2013-08-02 08:27 162080 ----a-w- c:\windows\system32\hpmtp155.dll
2013-12-11 07:41 . 2013-08-02 08:27 74016 ----a-w- c:\windows\system32\hpmpw081.dll
2013-12-11 07:41 . 2013-08-02 08:27 190240 ----a-w- c:\windows\system32\hpmpm081.dll
2013-12-11 07:41 . 2013-08-02 08:27 217376 ----a-w- c:\windows\system32\hpmml155.dll
2013-12-11 07:41 . 2013-08-02 08:27 199968 ----a-w- c:\windows\system32\hpmja155.dll
2013-12-11 07:41 . 2013-08-02 08:25 442656 ----a-w- c:\windows\system32\hpcpn155.dll
2013-12-11 07:41 . 2013-08-02 08:25 140064 ----a-w- c:\windows\system32\hpcjpm.dll
2013-12-11 07:41 . 2013-08-02 08:21 441632 ----a-w- c:\windows\SysWow64\hpcc3155.dll
2013-12-11 06:14 . 2013-12-11 06:14 -------- d-----w- c:\program files (x86)\IrfanView
2013-12-11 05:36 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-12-10 13:37 . 2013-12-10 13:37 -------- d-----w- c:\program files\Common Files\Adobe
2013-12-10 07:57 . 2013-11-29 16:44 252688 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-12-10 07:57 . 2013-11-29 16:43 126736 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-12-10 07:57 . 2013-12-10 07:57 -------- d-----w- c:\program files\Oracle
2013-12-10 07:38 . 2013-12-10 08:06 -------- d-----w- c:\users\PC\VirtualBox VMs
2013-12-10 07:38 . 2013-12-13 13:55 -------- d-----w- c:\users\PC\.VirtualBox
2013-12-10 07:38 . 2013-12-10 07:57 -------- dc----w- c:\windows\system32\DRVSTORE
2013-12-06 10:36 . 2013-12-06 10:36 -------- d-----w- c:\users\PC\AppData\Local\Macromedia
2013-12-05 05:53 . 2013-12-17 01:36 -------- d-----w- c:\programdata\Oracle
2013-12-05 05:53 . 2013-12-05 05:53 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-12-05 05:47 . 2013-12-20 08:56 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-12-04 13:31 . 2013-12-04 13:31 -------- d-----w- c:\program files (x86)\PTC
2013-12-04 13:31 . 2013-12-04 13:31 -------- d-----w- c:\program files\Common Files\PTC
2013-12-04 13:31 . 2013-12-04 13:31 -------- d-----w- c:\program files (x86)\Common Files\PTC
2013-12-04 13:31 . 2013-12-04 13:31 -------- d-----w- c:\users\PC\AppData\Roaming\PTC
2013-12-04 13:31 . 2013-12-04 13:31 -------- d-----w- c:\users\PC\AppData\Local\PTC
2013-12-04 13:09 . 2013-12-04 13:09 -------- d-----w- c:\programdata\PTC
2013-12-04 12:57 . 2013-12-05 08:19 -------- d-----w- c:\program files\PTC
2013-12-04 06:47 . 2013-12-04 06:47 -------- d-----w- c:\users\PC\AppData\Roaming\ABBYY
2013-12-04 06:46 . 2013-12-05 07:32 -------- d-----w- c:\programdata\ABBYY
2013-12-04 05:46 . 2013-12-11 20:03 -------- d-----w- c:\program files\CCleaner
2013-12-03 10:02 . 2013-12-03 10:02 -------- d-----w- c:\program files (x86)\av
2013-12-03 10:02 . 2013-12-03 10:02 -------- d--h--w- c:\program files (x86)\Zero G Registry
2013-12-03 10:02 . 2013-12-03 10:02 -------- d--h--w- c:\users\PC\InstallAnywhere
2013-12-03 06:13 . 2013-12-05 06:50 -------- d-----w- c:\users\PC\AppData\Roaming\Download Manager
2013-11-29 16:43 . 2013-11-29 16:43 154896 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2013-11-29 16:43 . 2013-11-29 16:43 140560 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2013-11-29 16:40 . 2013-11-29 16:40 204048 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-17 07:16 . 2013-01-21 13:33 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-12-17 07:16 . 2013-01-21 13:33 35656 ----a-w- c:\windows\system32\LMIport.dll
2013-12-17 07:16 . 2013-01-21 13:33 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-12-17 05:39 . 2012-03-30 09:14 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-17 05:39 . 2012-01-04 14:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-14 02:00 . 2012-01-04 14:14 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-05 05:53 . 2012-04-20 07:48 312744 ----a-w- c:\windows\system32\javaws.exe
2013-12-05 05:53 . 2012-04-20 07:48 189352 ----a-w- c:\windows\system32\javaw.exe
2013-12-05 05:53 . 2012-04-20 07:48 189352 ----a-w- c:\windows\system32\java.exe
2013-11-11 04:50 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-28 15:17 . 2013-01-21 13:33 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-10-21 15:17 . 2013-01-21 13:33 92488 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2013-10-12 02:30 . 2013-11-13 21:52 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 21:52 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 21:52 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 21:52 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 21:52 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 21:52 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 21:52 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 21:52 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 21:52 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 21:52 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 21:52 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 21:52 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 21:52 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 21:52 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 21:52 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-13 21:52 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-25 02:26 . 2013-11-13 21:52 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-13 21:52 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-13 21:52 28672 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-13 21:52 135680 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-13 21:52 28160 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-13 21:52 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-13 21:52 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-13 21:52 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-13 21:52 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-13 21:52 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-13 21:52 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-13 21:52 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-13 21:52 30720 ----a-w- c:\windows\system32\lsass.exe
2013-09-23 15:56 . 2013-09-23 15:56 19856896 ----a-w- c:\windows\system32\thumbplug.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-09 684600]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP5000 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAC4LAD.EXE [2012-1-24 60384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$AUTODESKVAULT;SQL Server Agent (AUTODESKVAULT);c:\program files (x86)\Microsoft SQL Server\MSSQL10.AUTODESKVAULT\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.AUTODESKVAULT\MSSQL\Binn\SQLAGENT.EXE [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [x]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe;c:\windows\SYSNATIVE\hasplms.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 NVWMI;NVIDIA WMI Provider;c:\windows\system32\nvwmi64.exe;c:\windows\SYSNATIVE\nvwmi64.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1615959610-508533854-3776503364-1000Core.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-23 07:27]
.
2013-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1615959610-508533854-3776503364-1000UA.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-23 07:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-10-23 18:43 13776 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" [2013-10-23 13776]
.
[HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-10-10 2041192]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-11-29 57928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.sk/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\my3x8yaw.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
Toolbar-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
c:\users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk - c:\program files (x86)\Mozilla Thunderbird\thunderbird.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-20 10:19:32
ComboFix-quarantined-files.txt 2013-12-20 09:19
.
Pre-Run: 35 231 399 936 bytes free
Post-Run: 35 095 658 496 bytes free
.
- - End Of File - - FDFE6FE35C7E86E26E80DA203876733C
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu - zavírený PC
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.
c:\program files (x86)\av
co je v té složce?
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Kód: Vybrat vše
ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1615959610-508533854-3776503364-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1615959610-508533854-3776503364-1000UA.job
Folder::
c:\program files (x86)\Skype\Updater
c:\program files (x86)\AskPartnerNetwork
c:\users\PC\AppData\Local\Google\Update
Driver::
SkypeUpdate
APNMCP
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"=-
[-HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}]
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.
c:\program files (x86)\av
co je v té složce?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu - zavírený PC
Ospravedlňujem sa, že píšem až takto neskoro. V PC odišla základná doska, keby som to bol vedel tak sem ten dotaz ani nedám... 
Nasledoval format c: a nová inštalácia systému. Aj tak ďakujem za ochotu.
Nasledoval format c: a nová inštalácia systému. Aj tak ďakujem za ochotu.-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu - zavírený PC
Nemáš zač. Označ téma jako uzavřené , zelenou fajfkou.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 122 hostů